USN-6621-1: ImageMagick vulnerability

Isolation Segment

24670

15 July 2024

15 July 2024

CLOSED

MEDIUM

CVE-2023-5341

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 22.04
  • Cflinuxfs4

Description

It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service.

Update Instructions: Run `sudo pro fix USN-6621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

  • imagemagick-common - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • imagemagick - 8:6.8.9.9-7ubuntu5.16+esm10
  • imagemagick-doc - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickwand-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagick++-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10
  • libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm10
  • libimage-magick-perl - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagick++-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm10
  • perlmagick - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-6-arch-config - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagick++-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickwand-6.q16-dev - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm10
  • libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm10

Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

  • Cflinuxfs3
    • 0.385.0 or greater
  • Jammy Stemcells
    • 1.360 or greater
  • Isolation Segment
    • 2.11.48 or greater
    • 2.13.33 or greater
  • VMware Tanzu Application Service for VMs
    • 2.11.54 or greater
    • 2.13.36 or greater

References

https://ubuntu.com/security/notices/USN-6621-1

https://www.cloudfoundry.org/blog/usn-6621-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6621-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24670

History

2024-02-01: Initial vulnerability report published.